DistroWatch Weekly

A weekly opinion column and a summary of events from the distribution world

DistroWatch Weekly

DistroWatch Weekly, Issue 579, 6 October 2014

Welcome to this year's 40th issue of DistroWatch Weekly! Modern operating systems need to be versatile to be competitive. Popular open source operating systems often fulfil many roles, from desktop to server, from hobbyist toy to developer workstation and some even end up running on super computers. This week we discuss a range of projects which are capable of filling a variety of roles. We begin with a review of the PC-BSD operating system. PC-BSD has its roots in FreeBSD, a server oriented operating system, but PC-BSD strives to work well on desktop and laptop computers. Read on to find out what PC-BSD offers. In the News section this week we discuss Debian GNU/Linux, "the universal operating system," and the project's upcoming feature freeze. We also talk about Fedora's upcoming release and some of the changes the Fedora team is going through to make Fedora better suited to a range of computing environments. We also celebrate the birthday of PCLinuxOS, a distribution with a well deserved reputation as a friendly desktop operating system. In our Questions and Answers column this week we talk about setting up a home server and some security issues to consider when running network services from home. Plus, we announce a new, ongoing experiment in which Jesse Smith tests a variety of rolling release distributions. As usual, we cover the distribution releases of the past week and look ahead to fun, new developments to come. We wish you all a terrific week and happy reading!

Listen to the Podcast edition of this week's DistroWatch Weekly in OGG (37MB) and MP3 (44MB) formats

Feature Story (by Jesse Smith)

First impressions of PC-BSD 10.0.3

The PC-BSD project releases quarterly updates to their operating system, the latest of which is version 10.0.3. This new release of PC-BSD is based on FreeBSD 10.0 and offers several new and attractive features. New to PC-BSD 10.0.3 are version 2.2.14 of the Cinnamon desktop environment, a beta release of the Lumina desktop, bulk jail creation using the Warden utility and support for full disk encryption. This release also provides a CD-sized ISO image for people who want to install the server branch of PC-BSD without a graphical user interface. Looking through the release announcement we also find the AppCafe package manager has received some updates.

The ISO for the full version of PC-BSD is 3.3 GB in size. This ISO contains all of the project's Desktop software and can also be used to install the Server edition of the operating system. Booting from the installation media we are given the chance to choose between running a graphical system installer or the project's text installer. I opted to try the graphical interface. The installer first asks us to select our preferred language from a list. At the bottom of the installer's screen we see a line of icons which add optional functionality to the installer. One icon brings up a hardware compatibility screen where we can see which of our devices are supported. Clicking another icon brings up a screen that lets us change our keyboard's layout. A third icon offers helpful tips on each screen of the installer. Another icon brings up a virtual terminal where we can run commands and check system status. One icon brings up a network configuration utility and the last icon displays an on-screen keyboard. I especially like the hardware compatibly screen as it makes it easy to confirm whether our hardware will work with PC-BSD without any trial and error.

The second screen of the system installer asks if we would like to install PC-BSD in a desktop or server role. This screen also allows us to restore a system from a backup previously created by the Life Preserver utility. If we wish to, we can customize which software packages are installed. The installer allows us to choose which desktop environment we want to use, which third-party hardware drivers to use, what web browsers to install and whether to install development tools. We can also optionally install virtualization and compatibility software such as VirtualBox and WINE. I decided to set up a fairly bare PC-BSD desktop installation with the new Lumina desktop environment.

The installer then moves on to disk partitioning. PC-BSD uses ZFS as its file system and provides three ways for us to customize our disk partitions. There is a beginner option which only gets us to confirm the most basic of settings. An Advanced option gives us a guided path through tweaking ZFS pools, mount point options and the ability to enable more advanced configurations such as mirrored disks. The third option is a command line interface for experts and offers the most flexibility (and danger). I ended up taking the Advanced wizard and found I was able to simply click the "Next" button through most screens to end up with a suitable configuration. From there the installer begins copying files to our hard drive and, when it is finished, we are asked to reboot the computer.

The first time we boot into PC-BSD we are asked to confirm the operating system has correctly detected our video card and screen resolution. We can change the video driver to be used and alter the display resolution from this screen. Each time we change settings we are given the chance to preview what our screen will look like with the new settings before we proceed. Once our video settings have been set and confirmed we are asked to confirm we want to continue using the language we selected at install time. We are then asked to select our time zone from a list, set a password on our root account and create a user account for ourselves. The account creation screen gives us the chance to encrypt the files in our user's home directory. With this configuration step completed we are brought to a graphical login screen. Here I found that I had the chance to login to either the Fluxbox window manager or the Lumina desktop environment.

When we first login to Lumina we are greeted by a window that welcomes us and offers to share some tips to help us use PC-BSD. We are briefly shown how to connect to a wireless network, how to launch the AppCafe package manager to find additional software, where to go to change system settings and where to find the Life Preserver backup utility. We are also told about the notification icon we can watch for that tells us when new software updates are available. The final screen of the welcome wizard provides links to the PC-BSD website, support forum and documentation wiki.

The Lumina desktop places the application menu, task switcher and system tray at the top of the screen, though I later found it is quite easy to change the location of the desktop's panel. The background contains a fiery red design and the workspace is devoid of icons. Lumina loads quickly and the interface is quite responsive. Lumina runs atop the Fluxbox window manager, providing users with good performance and flexibility.

Shortly after I logged in an icon appeared on the top panel indicating software updates were available. Clicking this icon brought up the project's update manager. This application shows us a list of available updates and we can select which items we wish to download and install. Moving the mouse pointer so that it hovers over the name of an update causes a list of all files included in the update to appear on the screen. The first day I used PC-BSD only one update was available. Once I confirmed I wished to download this update the update manager indicated it would automatically create a new boot environment (snapshot) for me prior to installing the update. This means that, should the update break our operating system in some way, we can easily rollback the changes simply by choosing to boot from the snapshot created by the update manager.

The next time we boot PC-BSD we can select which boot environment we wish to run from the boot loader. I found I could not only boot into older environments from the boot loader, but selecting an alternative snapshot would bring up a second menu, asking if I would like to boot the old snapshot normally or in single user mode or in an alternative graphics mode. This makes recovering the PC-BSD operating system quite easy in cases where an update (or user error) causes the system to stop booting properly.

I tried running PC-BSD in two environments, on a physical desktop machine and in a VirtualBox virtual machine. When running on the desktop's hardware I found most aspects of the operating system worked well. Networking and audio worked automatically and the system was fairly responsive. Boot times were a little slower than what I typically experience with Linux distributions. The one problem I had with PC-BSD running on the desktop computer was that the operating system would not work with the default video card driver. I had to run PC-BSD in fail safe video mode which uses the VESA video driver. This makes for less than optimal graphics performance.

PC-BSD ran smoothly in the virtual environment and I experienced no problems while running PC-BSD in VirtualBox. I did find the PC-BSD virtual machine tended to use more of my host computer's CPU than would be usual for a Linux distribution. My host's CPU was often pegged at 100% and would stay that way while the PC-BSD guest downloaded software, checked for updates or performed administrative tasks. When left alone the PC-BSD virtual machine would scale back and use virtually none of my host's CPU cycles. In either test environment PC-BSD used approximately 300MB of memory when logged into the Lumina desktop environment.

The software PC-BSD ships with can vary a great deal depending on the selections we make at install time. I opted to start with a small selection of software I could add to later. Along with the Lumina desktop I found PC-BSD provided me with the Firefox web browser (with Flash plugin), the X11VNC remote desktop software and the GNU Image Manipulation Program. I was provided with the MPlayer and UMplayer media players and a full range of multimedia codecs for playing popular file formats. The new Insight file manager is available, along with a few text editors and the Clang compiler. The userland tools, documentation and kernel are provided by the project's FreeBSD 10.0 base.

The PC-BSD Control Panel is, perhaps, the central focus of the operating system. From this configuration panel we can manipulate virtually every aspect of the operating system from printers to background services, to software packages and backups, to boot environments, firewalls and jails. There are a few items in the Control Panel I believe deserve attention. The first is the Boot Environments feature I mentioned earlier. There is a tool in the Control Panel that shows us a list of existing boot environments, snapshots that we can load at boot time. Using the Boot Environments utility we can create new snapshots at any time, remove stale snapshots and select which snapshot will load by default when the computer boots.

Another handy tool is Life Preserver. This utility helps us create backups of our data and it is quite flexible. Life Preserver will create traditional backups of our home directories if we wish. However, Life Preserver's power comes from its use of ZFS snapshots. We can have Life Preserver create ZFS snapshots of our data at regular intervals and automatically clean out old snapshots on a regular basis. We can also have our data automatically backed up to a remote machine on the network via a secure connection. Additionally, Life Preserver allows us to browse through existing ZFS snapshots, locate files contained in these snapshots and restore old copies of files with the click of a button. This makes recovering from data corruption or accidental deletion virtually painless.

The AppCafe is PC-BSD's package manager and it has a nice, modern interface. Using AppCafe we can browse through categories of available packages and install new items with the click of a button. Clicking on the name of a package will show us a detailed description of the software, the size of the item and related packages for comparison. AppCafe provides a unified way to deal with packages from various sources, such as PBIs and raw packages managed by pkg. The AppCafe utility also lets us switch between PC-BSD's stable Production software repository and the project's fast paced development repository, called Edge. This allows users to effectively switch, at will, between a fixed quarterly release cycle and a rolling release package model.

Finally, one powerful tool offered by PC-BSD is the Warden. The Warden is a front end manager for FreeBSD jails. Using Warden we can create jails, take file system snapshots of existing jails and manage jails. The syntax for working with jails directly can be complex and Warden does a nice job of presenting all the jail features in a nice, tidy graphical interface. I also like that AppCafe integrates with jails and we can use AppCafe to install new software directly into a jail. This makes it easy to install services inside jails from the comfort of the graphical package manager. Using Warden we can create a couple of different styles of jails, including minimal PC-BSD jails and Linux-based jails. For example, we can create a jail which runs Debian Squeeze and install services from Debian's software repositories inside our jail running on PC-BSD. Running Debian in a jail nicely combines PC-BSD's lightweight container technology and file system snapshots for data recovery with Debian's fantastic package manager and dependency resolution.

One thing that always stands out in my mind when I experiment with PC-BSD is how much functionality the operating system offers, how much power is available straight away. On the surface, PC-BSD looks and acts like most mainstream Linux distributions. PC-BSD runs the same desktop environments, we can run the same productivity software, the same web browsers and the controls are mostly the same. Under the hood, PC-BSD may take a slightly different approach to package management, but the AppCafe should be familiar to anyone who has used Ubuntu, Fedora, Mageia or openSUSE. Where the power of PC-BSD really shows up is in the administration tools which, despite the name, are not just for system administrators, but for regular home users too.

PC-BSD comes with the same tools we can expect to find in Linux distributions -- a firewall configuration app, utilities to change the look & feel of the desktop, a services manager and so on. Unlike most Linux distributions, PC-BSD also ships with a powerful file system (ZFS) and integrates this file system with its other utilities. This means we can make frequent (and time saving) snapshots of the files in our home directory, we can almost immediately recovery from damaging software updates and we can synchronize our data to remote machines almost effortlessly. Using ZFS we can also set up RAID configurations and mirrored disks, something that is usually awkward to do in Linux distributions. Finally, there is the Warden utility. While some leading Linux distributions are just starting to support and encourage the use of Docker as a way to contain and transfer software, PC-BSD offers a great GUI front end to managing lightweight containers. Using Warden we can take snapshots of jails, transfer jails between computers and even run instances of Debian if we wish to. To top it off, PC-BSD operates as either a rolling release or a fixed release operating system, appealing to people who either want to live on the cutting edge or to those who are more conservative.

The PC-BSD operating system does have a few drawbacks compared to mainstream Linux distributions. There are several programs, open source or proprietary, which run on Linux, but not on PC-BSD. The Chrome web browser and Steam gaming portal come to mind, along with a few other smaller utilities. Most of the time PC-BSD's software repositories are close to being on par with Linux distributions, but there are some corner cases where I found I was missing certain packages. I also found PC-BSD did not play well with my desktop computer's video card. PC-BSD typically works well with NVIDIA or Intel cards, but my Radeon card did not play well with the FreeBSD-based operating system. I think it's also worth mentioning PC-BSD runs on the 64-bit x86 architecture exclusively. For most people this will not be a problem, but some quite old machines may not work with PC-BSD.

All in all, I am impressed with what the PC-BSD team has managed to deliver with their 10.0.3 release. The project has taken on additional polish with the last few releases. The graphical front ends look nicer, some bugs I spotted in previous releases (especially with Life Preserver) have been fixed and the way ZFS integrates with the other PC-BSD tools was very useful to me. There are a lot of great features in this release I would love to see ported to Linux and there were no serious problems during my trial, beyond the video driver issue I was able to work around. I definitely recommend giving PC-BSD a try, it offers a great deal of power in an attractive package.

* * * * *

Hardware used in this review

My physical test equipment for this review was a desktop HP Pavilon p6 Series with the following specifications:

The next stable version of Debian GNU/Linux, version 8.0 and code name "Jessie", is fast approaching. The Debian team was recently reminded that any new packages destined for Jessie should soon be uploaded as Debian will be going into feature freeze on November 5th. Meanwhile, Lucas Nussabaum published a blog post in which he lets users of Debian know several packages may be dropped from Jessie if nobody steps forward to maintain them. "The start of the jessie freeze is quickly approaching, so now is a good time to ensure that packages you rely on will the part of the upcoming release. Thanks to automated removals, the number of release critical bugs has been kept low, but this was achieved by removing many packages from Jessie: 841 packages from unstable are not part of jessie, and won't be part of the release if things don't change." Nussbaum goes on to explain how users can check if their favourite packages are queued for removal and how to get involved to help maintain important packages.

With freeze less than a month away, perhaps it's a good time to start testing the upcoming Debian release. To encourage new installations, the Debian installer team released the second beta installer for "Jessie" on Sunday: "The Debian Installer team is pleased to announce the second beta release of the installer for Debian 8 "Jessie". Important changes in this release of the installer: GNOME is now the default desktop environment on Linux again; a list of desktop environments is displayed in tasksel, making it easy to install another desktop environment (or several of them), unfortunately that is currently a bit underdocumented; preliminary support for the arm64 and ppc64el architectures has been added. Other changes in this release of the installer: brltty - append the configuration inherited from d-i to the end of brltty.conf instead of overwriting it (which was thus losing the documentation for the user); BusyBox - add support for /32 subnets in udhcpc script...." As always, the new "netinst" images for supported architectures are available from the Debian Installer project page.

One of the more unusual and decidedly "geeky" among the Debian ports is Debian GNU/kFreeBSD, a distribution that uses the FreeBSD kernel instead of Linux (DistroWatch reviewed Debian GNU/kFreeBSD 7.0 in July 2011). Although probably not as widely used as the project's more popular ports, it is still an interesting concept, almost unique among Linux distributions, with only Gentoo Linux providing a similar system. Unfortunately, this Debian variant is in grave danger of being dropped from the distribution - due to concerns over its viability and quality. Adam D. Barratt reports on behalf of the Debian release team: "We remain gravely concerned about the viability of this port. Despite the reduced scope, we feel that the port is not currently of sufficient quality to feature as a fully supported release architecture in Jessie. However, we accept that our published view of the port has not been as 'clear and unambiguous' as we would wish. We therefore advise the kFreeBSD porters that the port is in danger of being dropped from Jessie, and invite any porters who are able to commit to working on the port in the long term to make themselves known *now*. The factor that gives us greatest concern is the human resources available to the port."

* * * * *

The long awaited release of Fedora 21 is expected to arrive later this year. A lot of work has gone into changing the way Fedora is presented as a product. Fedora 21 will represent the first release from the project which is divided into three editions (Server, Workstation and Cloud) and it is expected to offer a number of interesting features. Christian Schaller has a detailed blog post in which he talks about the upcoming release and he highlights items to look for. "Wayland in Fedora Workstation 21 is also an important milestone as it exemplifies the new development philosophy we are embarking on. Fedora has for a long time been known to be a Linux distribution where a lot of new pieces become available first." He goes on to report common complaints about managing packages are being addressed: "Yum used to be very slow and while it has gotten a lot better over the years it was still considered a bit of an eyesore for many. So Ales Kozumplik and others have worked writing a new set of tools to do the low level software handling over the last few years and I am happy to say that for Fedora Workstation 21 we will be using those tools to greatly improve the software installation and update experience."

* * * * *

The PCLinuxOS distribution originally grew out of the Mandrake distribution back in 2003. These days PCLinuxOS is maintained as a separate fork, an independent distribution, by Bill Reynolds (aka Texstar) and various community members. The distribution celebrates its 11th birthday this month, quite an achievement for the community based distribution. PCLinuxOS is well known for being easy to use, shipping with all the software most users will need right out of the box and for being a rolling release distribution. We wish the PCLinuxOS team all the best and wish the project a bright and happy future.

* * * * *

Finally, a quick announcement from a company seeking to employ an experienced technical community manager with excellent Linux skills. Digital Ocean, a web hosting company, got into touch with DistroWatch last week, offering our readers a preferential option to apply for this full-time position based in New York: "DigitalOcean, a cloud hosting company, is looking to hire a technical community manager with a deep understanding of Linux System Administration who is passionate about informing people of best practices and helping others learn. The DigitalOcean community receives over 4 million page views each month, and the community manager would engage with the community across all platforms. Apply here: do.co/communitymanager.

Questions and Answers (by Jesse Smith)

Setting up a home server and an experiment with rolling releases

Working-at-home asks: I am planning on setting up a file server at home and occasionally using it as a media streaming server and maybe a web host. I am wondering if I should use virtual machines to separate functionality or if it is fine, from a security stand point, to run all services together?

DistroWatch answers: People who are very concerned with security would probably tell you that, when in doubt, you should place all of your network services into separate virtual machines. This would not only protect your services (and the host operating system) from interfering with each other, it would prevent an attacker from taking over the entire machine by exploiting one service. That being said, I think whether you decide to divide your server's services into separate virtual machines should depend on to whom you plan to grant access to these services.

Assuming your files, media and web host will be accessed only by yourself and perhaps by your family and close friends who visit your home, then I would suggest taking a simple approach and placing all services directly on the server without creating any virtual machines. Assuming the people who use your server are people who have access to your local network, presumably people you trust, then your server is probably not at high risk. Make sure your server and router have firewalls enabled that block access from computers outside your local network and you should be fine.

However, if you plan to allow people outside your local network (or people you do not trust) to access to your server, then creating virtual machines for added security makes sense. The inclusion of a web host in your list of services makes me think you might be opening up your server to connections from the entire Internet. If that is the case, then I think it would be a good idea to put, at minimum, the web service in a virtual machine. That way if someone manages to find a weakness in your web service's security, the attacker will only gain access to your virtual machine and not to the rest of the server and your files.

* * * * *

Whenever the subject of rolling release distributions comes up on DistroWatch there is some debate in the comments section as to whether rolling releases can be considered reliable. Some people report their rolling installations break after a few short days or weeks, others report running rolling distributions for years without serious issues. Personally, I tend to avoid rolling release distributions as their design, their policy of regularly updating, is at odds with the way I want my computers to work. I very much desire a system where applications and services run the same tomorrow as they did today, my work requires it. Not only do I need a system that continues to work, but applications which behave predictably. For the past decade I have been running fixed release distributions and have experienced virtually no serious problems, at least nothing that prevented me from completing tasks. As a result, the experiences I have had with rolling release distributions have been limited to short trials, usually a week in length, when I am writing a review.

Given some recent developments, specifically the Mint distribution switching its "Debian" edition branch from a rolling release to a fixed release and the openSUSE project turning Factory into a proper rolling release distribution, I have become increasing curious: just how stable are rolling release operating systems these days? I am of the opinion the best way to find out is to experiment. With that in mind I have begun a simple trial in which I will run several rolling release distributions in parallel and see which (if any) of the operating systems break and how long each operating system can be upgraded while still allowing the user to accomplish common tasks.

Last week I downloaded and installed five open source rolling release operating systems. Specifically, I set up installations of Arch Linux, PCLinuxOS, openSUSE, Debian Sid and PC-BSD. In the coming weeks I will be sharing my initial impressions, describing any broken software that comes about following package updates and I will be evaluating available recovery utilities. My initial experiences will appear in next week's DistroWatch Weekly and I will post regular bulletins on my Twitter feed in the spirit of rolling updates. I hope you will follow along and send me suggestions and feedback as my experiment progresses.

Johnny Hughes has announced the release of CentOS 5.11, the distribution's final release in the 5.x branch: "We are pleased to announce the immediate availability of CentOS 5.11 for i386 and x86_64 architectures. CentOS 5.11 is based on source code released by Red Hat, Inc. and it includes packages from all variants, including Server and Client." The release announcement includes a note on the Bash "shellshock" vulnerability: "The Bash version included on the CentOS 5.11 ISO images is a version that contains the shellshock vulnerability. When we create CentOS ISO images, we try to mirror the same package versions that are on the upstream ISO images from Red Hat, whose ISO images also contain that vulnerability. An updated Bash is available as a zero day update in the 5.11 updates repository now. Please run 'yum update bash' after install." See also the release notes.

Neophytos Kolokotronis has announced the release of Chakra GNU/Linux 2014.09, a desktop Linux distribution that uses the Pacman package manager and features the latest KDE 4.14 desktop: "The Chakra team is happy to announce the first release of the Chakra Euler series, which will follow the 4.14 KDE releases. A noticeable change in this release is the major face-lift of Kapudan, which now gives the option to users to enable the [extra] repository during first boot so they can easily install the most popular GTK+-based applications. As always, many updates to packages are available after installation. KDE Software Compilation: Chakra provides the latest stable version released by KDE, 4.14.1; dhcpcd has been replaced by dhclient as a dependency for NetworkManager. Core packages: Linux kernel 3.15.15, X.Org Server 1.15.2, systemd 216." Continue to the release announcement for more details and a screenshot.

Klaus Knopper has released KNOPPIX 7.4.2, a security and bug-fix update which corrects the Shellshock vulnerability in Bash and several other security issues: "Version 7.4.2 of KNOPPIX is based on the usual picks from Debian 'Wheezy' and newer desktop packages from Debian 'testing' and Debian 'unstable'. It uses Linux kernel 3.16.3 and X.Org Server 1.16.1 for supporting current computer hardware. Changes: security fixes in Firefox (Iceweasel 32.0.3), Chromium (37.0.2062.120); GNOME desktop starts again using boot option 'knoppix desktop=gnome', if supported by graphics card; patch for the Bash shell against the 'Shellshock' bug in the environment variable parser; updated udev (215) and dBUS (1.8.8) for automatic hardware management and autostart of systemd components, updated LibreOffice (4.3.2), GIMP (2.8.14), KDE libraries (4.8.4)...." Here are the release notes.

Eric Turgeon has announced the release of GhostBSD 4.0, a major new version of the project's FreeBSD-based operating system for the desktop, with MATE as the preferred desktop environment: "The GhostBSD team is pleased to announce the availability of GhostBSD 4.0 'Karine'. This is the first release of the 4.x branch, which is based on FreeBSD 10 and which introduces some new features. Highlights: GCC is no longer installed by default, Clang is the default compiler; make(1) has been replaced with bmake(1) obtained from the NetBSD Project; pkg(7) is now the default package management utility; pkg_add(1), pkg_delete(1), bxpkg and related tools have been removed; Networkmgr is the default network manager; MATE is the default desktop; three workstation to choose from. GhostBSD 4.0-RELEASE is now available for the amd64 and i386 architectures, it can be installed from bootable ISO images or from USB memory sticks." Here is the full release announcement with screenshots.

Star Labs - Laptops built for Linux.
View our range including the Star Lite, Star LabTop and more. Available with a choice of Ubuntu, Linux Mint or Zorin OS pre-installed with many more distributions supported. Visit Star Labs for information, to buy and get support.

ByzantineOS was a software Internet Appliance with a home entertainment bias. It was based on a networked Linux distribution/bootable system with Mozilla providing access to a range of services and applications. ByzantineOS fits on a 32MB (or 48MB) media and should work on any PC. With ByzantineOS CD-ROM, there was no need for hard-disks or floppy drives.